CNIL releases a free software for PIA – a tool to help data controllers carry out data protection impact assessment

06 December 2017

The data protection impact assessment (Privacy Impact Assessment, PIA or DPIA) is an important tool for an organisation’s accountability. Conducting a PIA is a highly recommended good practice, and even mandatory in some cases, as it helps organisations build data processing privacy-friendly and be compliant with the GDPR. CNIL now publishes a free PIA software to assist the controllers going through this process. 

This user-friendly tool, available both in French and in English, unfolds the PIA methodology CNIL has been developing since 2015. Following this methodology will allow organisations to be compliant with the requirements defined in the WP29 Guidelines on Data Protection Impact Assessment adopted in October 2017. By releasing this tool now, CNIL gives data controllers a chance to get familiar with this methodology and to be ready for May 2018.

The PIA software tool offers several features facilitating the PIA process  

  • A contextual knowledge base based directly on the GDPR, the PIA guides and the Security guide published by CNIL. While conducting the analysis, the controller will be provided with a custom knowledge base;
  • Visualizations tools have been specially designed to ensure a quick understanding of the risks involved with the data processing at stake.

Currently in it beta version, the PIA software tool will be improved on the basis of feedbacks received from users. For that purpose the tool is available under a free license: anyone can develop new features, answering your specific needs, and share them afterward with the community. CNIL will publish a finalized version in 2018, before the GDPR comes into effect.

Document reference


Overview of the requirements and methodology